PROTECTING INTRANET COMMUNICATIONS

joshua-cruz
Presentation Transcript


  1. Chapter 10 PROTECTING INTRANET COMMUNICATIONS

  2. TYPES OF FIREWALLS
     • Host-based firewalls:
       • Software installed on a computer
       • Protects one computer anywhere
     • Network firewalls:
       • Filters traffic entering a network
       • Protects all computers from external threats

  3. VIRUS PENETRATING THE PERIMETER

  4. FIREWALL CAPABILITIES
     • Basic packet filtering
     • Stateful inspection
     • Application layer filtering

  5. SCREENED SUBNETS
     • Also known as a demilitarized zone (DMZ) or a perimeter network
     • Acts like an air lock between internal and external networks
     • Useful for:
       • Domain Name System (DNS) servers
       • Web servers
       • Mail servers

  6. SCREENED SUBNET WITH THREE-LEGGED FIREWALL

  7. SCREENED SUBNET WITH TWO LAYERS OF FIREWALLS

  8. WHAT IPSec PROVIDES
     • Communications privacy
     • Authentication
     • Packet filtering

  9. HOST-TO-HOST IPSec

  10. HOST-TO-NETWORK IPSec

  11. NETWORK-TO-NETWORK IPSec

  12. COMPARING AH AND ESP
      • Authentication Header (AH):
        • Authentication, data integrity, and antireplay
      • Encapsulating Security Payload (ESP):
        • Authentication, data integrity, and antireplay
        • Encryption
      • Use ESP unless you need to analyze packet contents

  13. IPSec AUTHENTICATION
      • Kerberos version 5 authentication protocol
      • Public key certificates
      • Pre-shared key

  14. IPSec DRAWBACKS
      • Slower to establish a connection
      • Processing overhead
      • Encryption prevents packet analysis
      • Increases network utilization
      • Not all applications are compatible with NAT-T
      • Not compatible with all domain controller communications

  15. WIRELESS NETWORK ADVANTAGES
      • Network building with lower cost:
        • Fewer cables to run
        • Fewer switches required
      • Increase employee productivity:
        • Provide network access in conference rooms

  16. WIRELESS NETWORK COMPONENTS

  17. WIRELESS ENCRYPTION
      • Static Wired Equivalent Privacy (WEP) protocol
      • Dynamic WEP protocol
      • Wi-Fi Protected Access (WPA) protocol

  18. 802.1X AUTHENTICATION

  19. OTHER WIRELESS SECURITY TECHNIQUES
      • Media Access Control (MAC) address filtering
      • Disabling Service Set Identifier (SSID) broadcasts
      • Virtual private networks (VPNs)
      • Detecting rogue wireless networks
      • Limiting wireless leakage

  20. NETWORK STUMBLER SCREENSHOT

  21. WIRELESS PROVISIONING SERVICES (WPS)
      • Simplifies connecting to wireless hotspots
      • Provides consistent sign-on
      • Enables hotspots to be authenticated
      • Supported by Microsoft Windows XP Professional Service Pack 2

  22. WIRELESS PROVISIONING SERVICES ARCHITECTURE

  23. SUMMARY
      • Use host and network firewalls together for defense-in-depth
      • Place external servers in a screened subnet
      • Use IPSec to provide communications encryption and authentication
      • Use dynamic WEP or WPA protocols for wireless encryption and authentication